CVE-2026-9082 in Drupal Core — active SQL injection; added to CISA KEV

Colleagues, please note: an actively exploited vulnerability in Drupal Core (CVE-2026-9082) has been detected. CISA added CVE-2026-9082 to the KEV list; a patch was released in under 48 hours. The flaw is an SQL injection affecting all supported versions and may enable privilege escalation and remote code execution. Imperva observed >15,000 attack attempts against ~6,000 sites across 65 countries, mainly targeting gaming and financial services. Patches available for 11.x and 10.x; 9.5 and 8.9 require manual mitigation. FCEB advises updating by 27 May. Why it matters: exploitation can escalate from reconnaissance to data theft or full takeover—update now. Have you checked your Drupal installs and patch plan? #cybersecurity #Drupal #vulnerabilities #infosec


Latest comments
No comments yet.